Compliance with Nigeria Data Protection Regulation (NDPR) and Cybersecurity
Greg U. Ezeilo, FCA, PhD
Compliance with Nigeria NDPR and Cybersecurity……
Agenda
Data Privacy and Protection Concerns in Nigeria
What NDPR Says in specifics
NITDA’s Data Protection Regulation (NDPR)—objectives, coverage, structure and definitions
NDPR Implementation Guide
Data Privacy Breaches and Remedies
Perspectives of Data Protection Legislation: Nigeria and the International jurisdictions
Challenges of NDPR implementation
Cybersecurity—A big Issue
Conclusions and takeaway
Q/A
Key Concerns Associated With Data Privacy and Protection in Nigeria—World Wide Web Foundation, 2018
Data collection purpose and usage “Mismatch”
Limited rights of data subjects to the collection, usage, storage or even disposal of data
Lack of informed consent
Limited transparency associated with processing of personal data and risk of personal data breach
Risk of privacy violations in vulnerable populations, especially children and persons of mental and health incapacitations
Perspective of Data Legislation: Nigeria and the Global Communities
Individual Rights of Privacy Protection is enshrined in Article 12—United Nations Declaration of Human Right
In the EU, May 25, 2018 saw the issuance of General Data Protection Regulation (GDPR) of 1948
In 2010 and 2014 both the ECOWAS and African Union convention on cybersecurity developed a framework for data protection among the member states
In Nigeria, while there is to be an enacted law on data protection, citizens’ privacy is guaranteed under the 1999 constitution, specifically, section 37 says, “The Privacy of citizens, their homes, correspondence, telephone conversations and telegraphic communications is hereby guaranteed and protected”
Elsewhere and particularly the US…
Federal Trade Commission Act (FTCA)—prohibiting “unfair or deceptive practices affecting or inhibiting commerce”
Health Insurance Portability and Accountability Act (HIPAA)
Family Education Rights and Privacy Act (FERPA)—this seeks to protect students’ educational records, and applies to all educational agencies and institutions throughout the US
CAN-SPAM Act 2003—Non-Solicited Pornography and Marketing Act seeking to regulate commercial email messages.
Gramm-Leach-Bliley Act (GLBA)—in respect of protection of customer data and privacy of customer information by financial institutions
Fair Credit Reporting Act—here Customer Reporting agencies are required fair reporting of consumer personal information
Child’s Online Privacy Protection Act (COPPA)—typically underaged (13yrs and below) children—regulates and protects children’s data across the Web
Others include….
California Online Privacy Protection Act, California financial information privacy Act, New York Information Security Breach and Notification Act, etc.
NITDA Data Protection Regulation (NDPR) Structural Framework
Part—1 (3 sections): Deals with the objectives, scope and key definitions
Part—2: 12 sections covering governing principles, procurement, informed consent, to exceptions with respect to data transfer to foreign countries
Part—3 (1 section): Individual Rights of Data Subjects
Part—4 (3 sections): Implementation plan, administrative redress and foreign cooperation
Key Objectives of the NDPRA
Safeguard the rights of natural persons to data privacy
Ensuring safe conduct of transactions involving the exchange of Personal Data
Prevention of manipulation of Personal Data
Ensuring that Nigerian businesses are competitive in international trade through an effective secure framework on data protection and in line with best practice
Coverage of the NDPR
It applies to all transactions intended for the processing of Personal Data of all natural persons irrespective of the means of such processing
Applies to natural persons residing in Nigeria or residing outside Nigeria but who are citizens of Nigeria;
No Nigerian or any natural person by reason of this regulation shall be denied the right to data privacy entitled to under any law, regulation, policy, contract for the time being in force in Nigeria or in any foreign jurisdiction
Key concepts, principles and definitions
“Act” means the National Information Technology Development Agency Act of 2007
“Computer”
“Data Subject”
‘Consent’ of the Data Subject
“Data” means characters, symbols and binary on which operations are performed…
“Data Administrator”
“Data Controller”
“Database”
“Database Management System”
“Data Portability”
“Data Protection Compliance Organization (DPCO)”
“Data Subject Access Request” –example BVN Statement
“Filing system”
“Foreign Country”
“Regulation”
“Personal Data”
“Personal Identifiable Information”
“Processing”
“Personal Data Breach”
“Recipient”
“Sensitive Personal Data”
“The Agency” = NITDA
“Third Party”
“Relevant Authorities”
What the Regulation says in specifics…..
On Principles governing data processing..
Personal Data shall be collected legitimately, for lawful purposes and with informed consent
secured against all foreseeable hazards and breaches
stored only for the period within which it is reasonably needed
accountability for acts and omissions in respect of data processing, and in accordance with the principles contained in this Regulation.
duty of care to Data Subject;
Data collected shall be adequate, accurate and without prejudice to the dignity of human person
What the Regulation says in specifics…..
On lawful processing … where at least one of these is true
Informed consent of the Data Subject
..where the performance of a certain contract is the subject matter
Where a legal obligation is at issue and the Data Controller is the subject
For the protection of the vital interests of the Data Subject or of another natural person
Where the performance of a task carried out in public interest or in exercise of official public mandate vested in the controller;
What the Regulation says in specifics…..
On procuring Informed Consent..
Data Subject reserves the right to know the purpose
Data Controller is under obligation to enforce this right, and to ensure consent of a Data Subject has been obtained without fraud, coercion or undue influence; and in this sense:
1. Data Controller must demonstrate Consent and legal capacity to give same
2. Where consent is by declaration, it must be in an intelligible and easily accessible form, using clear and plain language.
3. Data Subject shall be informed of his right and method to withdraw his consent at any given time without prejudice to the lawfulness of processing prior to withdrawal
4. when assessing whether consent is freely given consideration shall be given in cases of contract performance
5. where data may be transferred to a third party for any reason whatsoever
What the Regulation says in specifics…..
On due diligence and prohibition of improper acts
…direct or indirect propagation of atrocities, hate, child rights violation, criminal acts and anti-social conducts; no consent shall be sought or given
A party to any data processing contract, other than an individual Data Subject, shall take reasonable measures to ensure the other party does not have a record of violating the principles governing rights of privacy under this regulation
For this purpose, “a party” shall include directors, shareholders, servants and privies of the contracting party; and record shall include report of public records and reports in credible news media—in this sense, no distinction is made between legal and natural persons
What the Regulation says in specifics…..
On Privacy Policy .. in addition to any relevant information contain:
Declare what constitutes the Data Subject’s consent
Description of collectable personal information
purpose of collection of Personal Data;
technical methods used to collect and store personal information, cookies,
access (if any) of third parties to Personal Data and purpose of
a highlight of the principles governing processing as indicated in Part-2 of this regulation
Available remedies in the event of violation of the privacy policy
the time frame for remedy
provided that no limitation clause shall avail any Data Controller who acts in breach of the principles set out in this Regulation
What the Regulation says in specifics…..
On Data Security…measures to protect Subjects Data will not be limited to:
setting up firewalls
Use of well-known data access control mechanisms
Use of data encryption technologies
protecting systems from hackers
protection of emailing systems and continuous capacity building for staff.
Organisations data handling policy
What the Regulation says in specifics…..
On third Party Data Processing Contract…
“Data processing by a third party shall be governed by a written contract between the third party and the Data Controller. Accordingly, any person engaging a third party to process the data obtained from Data Subjects shall ensure adherence to this Regulation.”
What the Regulation says in specifics…..
Objection: Can the Data Subject Object to the collection, processing,
..also, be expressly and manifestly offered the mechanism for objection to any form of data processing and free of charge
..when Data Controller intends to process the data for the purpose of marketing
What the Regulation says in specifics…..
Data Privacy Advancement
privacy right of a Data Subject shall be construed in the light of advancing and never for the purpose of restricting the safeguards Data Subject is entitled to under any data protection instrument made in furtherance of fundamental rights and the Nigerian laws.
What the Regulation says in specifics…..
Penalty for default..
in the case of a Data Controller dealing with less than 10,000 Data Subjects, payment of the fine of 1% of the Annual Gross Revenue of the preceding year or payment of the sum of 2 million Naira, whichever is
in the case of a Data Controller dealing with more than 10,000 Data Subjects, payment of the fine of 2% of Annual Gross Revenue of the preceding year or payment of the sum of 10 million Naira, whichever
What the Regulation says in specifics…..
Transfers to other Countries
“Any transfer of Personal Data which is undergoing processing or is intended for processing after transfer to a foreign country or to an international organisation shall take place subject to the other provisions of this Regulation and the supervision of the Honourable Attorney General of the Federation (HAGF).”
RIGHTS OF DATA SUBJECT
“The Controller shall take appropriate measures to provide any information relating to processing to the Data Subject in a concise, transparent, intelligible and easily accessible form, using clear and plain language, and for any information relating to a child”. “The information shall be provided in writing, or by other means, including, where appropriate, by electronic means. When requested by the Data Subject, the information may be provided orally, provided that the identity of the Data Subject is proven by other means”.
What the Regulation says in specifics…..
Implementation Mechanism
The implementation is effective within (3) months of issuance and all organisations private or public must make available to the general public their respective data protection Policies; these Policies shall be in conformity with this Regulation
Every Data Controller shall designate a Data Protection Officer (DPO) who may outsource data protection to a competent person or firm
Assurance of continuous capacity building of DPOs by the Data controller
NITDA shall by this Regulation register and license Data Protection Compliance Organisations (DPCOs) and subject to Regulations and
Audit of organisations’ data protection and privacy practices must be done within six (6) months after the date of issuance of this Regulations; this has now been
Where a Data Controller processes the Personal Data of more than 1000 in a period of six months, a soft copy of the summary of the audit shall be submitted to the Agency
Annually, Data Controller who processed the Personal Data of more than 2000 Data Subjects in a period of 12 months shall, not later than the 15th of March of the following year, submit a summary of its data protection audit to the Agency
The mass media and the civil society shall have the right to uphold accountability and foster the objectives of this Regulation.
Breach and Administrative Remedy Panel
Without prejudice to the right of a Data Subject to seek redress in a court of competent jurisdiction, the Agency shall set up an Administrative Redress Panel under the following terms of reference:
Invitation of any party to respond to allegations made against it within seven days
Issuance of Administrative orders to protect the subject-matter of the allegation pending the outcome of investigation
Conclusion of investigation and determination of appropriate redress within twenty-eight (28) working days; and
Any breach of this Regulation shall be construed as a breach of the provisions of the National Information Technology Development Agency (NITDA) Act of 2007.
Investigation of allegations of any breach of the provisions of this Regulation;
Local and International Cooperation
In the case of local and international sharing of information associated with Data subjects.... steps
Develop international cooperation mechanisms to facilitate the effective enforcement of legislation for the protection of Personal Data;
Provide international mutual assistance in the enforcement of legislation for the protection of Personal Data,
Engage relevant stakeholders in discussion and activities aimed at furthering international cooperation in the enforcement of legislation for the protection of Personal Data
Promote the exchange and documentation of Personal Data protection legislation and practice, including on jurisdictional conflicts with third countries
NDPR Implementation Challenges
Are there challenges in NDPR Implementation
General awareness
COVID 19 Intervention
Capacities, expertise and grounding of breach redress mechanisms and organs
A Glance at Cybersecurity Threats ……….
WEB APPLICATIONS 9.4%
CRIMEWARE 18.8%
CYBER ESPIONAGE 18%
PRIVILEGE MISUSE 10.6%
MISCELLANEOUS 14.7%
POINT OF SALE 28.5%
Cybersecurity Challenges
Unprecedented Risk
- Intellectual property theft
- Monetary losses
- Operational disruptions
- Company devaluation
- Customer suits
- Bad Media publicity
- Brand degradation
- Environmental issues
- Regulator intervention
Vulnerabilities
- Hyper-interconnectivity of information systems
- Rapid technological infrastructure expansion
- Undefinable business perimeter
- Unprepared corporate workforce and culture
- Dissimilar security models applied across the enterprise
Threat Sources
- Insiders
- Criminals
- State Actors
- Hacktivists
- Individuals
Many organisations are unprepared
Cybersecurity and Data Integrity Threats…..
Of Data breaches….
“If a secret piece of news is divulged by a spy before the time is ripe, he must be put to death, together with the man to whom the secret was told”.
—The Art of War, Sun Tzu
Defining a breach….
Data Breach = Privacy/Data Integrity Compromise
Business/Official Secrets
Customer records
Documents of a privacy nature
Systems vulnerability leading to a breach
Personally Identifiable Information (PII)
Breaches of the 21st century: 2018, 2017, 2016, 2015, 2014, 2013, 2012, 2011
Cybersecurity and Identity Theft Concerns
Identity Theft Exploits
Someone steals your personal information
Uses it without your permission
Can damage your finances, reputation, and credit history
Identity Theft Exploits Nature and Forms
Stolen or diverted mail
Pose as business partner or landlord
Mass marketing
Stolen wallets/Passports/purses/records
Phishing
Hacking into mails, accounts, etc
Other Attack Forms…….
Data modifications: The contents of a packet can be accidentally or deliberately modified
Packet Replay attacks: Re-transmission of unauthorized data
Identity Spoofing: The origin of an IP packet can be forged.
SQL Injection: SQL helps attacker to add, modify and delete records in a database, affecting data integrity.
DEFENCES
General defences against breaches and identity theft
Controlling the Risks of Cyber Attacks
Treat your PII with care and secrecy
Always Shred unnecessary and classified documents
Monitor your mails for uncommon sources
Always secure and guard your computer access and Perimeter zone including use of valid passcodes
Concluding .…on a general note
Cyber Attacks are real
Information Risk Management
Infrastructure Security
Application Security
Information Protection
Awareness, Training, & Education
Communications & Engagement
Event Management
Governance of IT
Conclusion
Finally, every organization private or public should take NDPR very seriously! Sanctions are on the way!
….Next technologies are imminent 5G/BT/Robotics etc
Cyber Attacks: A real Threat
Use strong Perimeter protection and access controls
Declassify and destroy doc.
Make report to responsible authorities: NITDA
Incident Response is non-negotiable
Dr. Greg Ugochukwu Ezeilo, FCA
+234-803-300-8104; 070-8892-4312
email: gregezeilo@signalhouse.org
Questions
References
Ezeilo, G.U. (2019). Cybersecurity for finance professionals: Challenges and opportunities. Being a paper presented at a Workshop for Executives of Ecobank Africa
NITDA (2019). Nigeria data protection regulation 2019
World Wide Web Foundation (2018). Personal data protection in Nigeria. Retrieved from www.webfoundation.org
Hasty, R., Nagel, T., & Subjally, M. W. (2013). Data protection law in the USA. Advocate for International Development Lawyers Eradicating Poverty

Coastal Protection Measures in Hulhumale'NAP Global Network
 
sponsor for poor old age person food.pdf
sponsor for poor old age person food.pdfsponsor for poor old age person food.pdf
sponsor for poor old age person food.pdfSERUDS INDIA
 
Delivery in 20 Mins Call Girls Malappuram { 9332606886 } VVIP NISHA Call Girl...
Delivery in 20 Mins Call Girls Malappuram { 9332606886 } VVIP NISHA Call Girl...Delivery in 20 Mins Call Girls Malappuram { 9332606886 } VVIP NISHA Call Girl...
Delivery in 20 Mins Call Girls Malappuram { 9332606886 } VVIP NISHA Call Girl...kumargunjan9515
 
The NAP process & South-South peer learning
The NAP process & South-South peer learningThe NAP process & South-South peer learning
The NAP process & South-South peer learningNAP Global Network
 
Unique Value Prop slide deck________.pdf
Unique Value Prop slide deck________.pdfUnique Value Prop slide deck________.pdf
Unique Value Prop slide deck________.pdfScottMeyers35
 
Call Girls Basheerbagh ( 8250092165 ) Cheap rates call girls | Get low budget
Call Girls Basheerbagh ( 8250092165 ) Cheap rates call girls | Get low budgetCall Girls Basheerbagh ( 8250092165 ) Cheap rates call girls | Get low budget
Call Girls Basheerbagh ( 8250092165 ) Cheap rates call girls | Get low budgetkumargunjan9515
 
Kolkata Call Girls Halisahar 💯Call Us 🔝 8005736733 🔝 💃 Top Class Call Girl ...
Kolkata Call Girls Halisahar  💯Call Us 🔝 8005736733 🔝 💃  Top Class Call Girl ...Kolkata Call Girls Halisahar  💯Call Us 🔝 8005736733 🔝 💃  Top Class Call Girl ...
Kolkata Call Girls Halisahar 💯Call Us 🔝 8005736733 🔝 💃 Top Class Call Girl ...Namrata Singh
 
2024 asthma jkdjkfjsdklfjsdlkfjskldfgdsgerg
2024 asthma jkdjkfjsdklfjsdlkfjskldfgdsgerg2024 asthma jkdjkfjsdklfjsdlkfjskldfgdsgerg
2024 asthma jkdjkfjsdklfjsdlkfjskldfgdsgergMadhuKothuru
 
Top profile Call Girls In Morena [ 7014168258 ] Call Me For Genuine Models We...
Top profile Call Girls In Morena [ 7014168258 ] Call Me For Genuine Models We...Top profile Call Girls In Morena [ 7014168258 ] Call Me For Genuine Models We...
Top profile Call Girls In Morena [ 7014168258 ] Call Me For Genuine Models We...gajnagarg
 
Antisemitism Awareness Act: pénaliser la critique de l'Etat d'Israël
Antisemitism Awareness Act: pénaliser la critique de l'Etat d'IsraëlAntisemitism Awareness Act: pénaliser la critique de l'Etat d'Israël
Antisemitism Awareness Act: pénaliser la critique de l'Etat d'IsraëlEdouardHusson
 
Cheap Call Girls In Hyderabad Phone No 📞 9352988975 📞 Elite Escort Service Av...
Cheap Call Girls In Hyderabad Phone No 📞 9352988975 📞 Elite Escort Service Av...Cheap Call Girls In Hyderabad Phone No 📞 9352988975 📞 Elite Escort Service Av...
Cheap Call Girls In Hyderabad Phone No 📞 9352988975 📞 Elite Escort Service Av...kajalverma014
 
Just Call VIP Call Girls In Bangalore Kr Puram ☎️ 6378878445 Independent Fem...
Just Call VIP Call Girls In  Bangalore Kr Puram ☎️ 6378878445 Independent Fem...Just Call VIP Call Girls In  Bangalore Kr Puram ☎️ 6378878445 Independent Fem...
Just Call VIP Call Girls In Bangalore Kr Puram ☎️ 6378878445 Independent Fem...HyderabadDolls
 
Election 2024 Presiding Duty Keypoints_01.pdf
Election 2024 Presiding Duty Keypoints_01.pdfElection 2024 Presiding Duty Keypoints_01.pdf
Election 2024 Presiding Duty Keypoints_01.pdfSamirsinh Parmar
 

Kürzlich hochgeladen (20)

2024: The FAR, Federal Acquisition Regulations, Part 32
2024: The FAR, Federal Acquisition Regulations, Part 322024: The FAR, Federal Acquisition Regulations, Part 32
2024: The FAR, Federal Acquisition Regulations, Part 32
 
Vasai Call Girls In 07506202331, Nalasopara Call Girls In Mumbai
Vasai Call Girls In 07506202331, Nalasopara Call Girls In MumbaiVasai Call Girls In 07506202331, Nalasopara Call Girls In Mumbai
Vasai Call Girls In 07506202331, Nalasopara Call Girls In Mumbai
 
Call Girl Service in Korba 9332606886 High Profile Call Girls You Can Get ...
Call Girl Service in Korba   9332606886  High Profile Call Girls You Can Get ...Call Girl Service in Korba   9332606886  High Profile Call Girls You Can Get ...
Call Girl Service in Korba 9332606886 High Profile Call Girls You Can Get ...
 
Panchayath circular KLC -Panchayath raj act s 169, 218
Panchayath circular KLC -Panchayath raj act s 169, 218Panchayath circular KLC -Panchayath raj act s 169, 218
Panchayath circular KLC -Panchayath raj act s 169, 218
 
Peace-Conflict-and-National-Adaptation-Plan-NAP-Processes-.pdf
Peace-Conflict-and-National-Adaptation-Plan-NAP-Processes-.pdfPeace-Conflict-and-National-Adaptation-Plan-NAP-Processes-.pdf
Peace-Conflict-and-National-Adaptation-Plan-NAP-Processes-.pdf
 
Bhubaneswar Call Girls Bhubaneswar 👉👉 9777949614 Top Class Call Girl Service ...
Bhubaneswar Call Girls Bhubaneswar 👉👉 9777949614 Top Class Call Girl Service ...Bhubaneswar Call Girls Bhubaneswar 👉👉 9777949614 Top Class Call Girl Service ...
Bhubaneswar Call Girls Bhubaneswar 👉👉 9777949614 Top Class Call Girl Service ...
 
Genuine Call Girls in Salem 9332606886 HOT & SEXY Models beautiful and charm...
Genuine Call Girls in Salem  9332606886 HOT & SEXY Models beautiful and charm...Genuine Call Girls in Salem  9332606886 HOT & SEXY Models beautiful and charm...
Genuine Call Girls in Salem 9332606886 HOT & SEXY Models beautiful and charm...
 
Coastal Protection Measures in Hulhumale'
Coastal Protection Measures in Hulhumale'Coastal Protection Measures in Hulhumale'
Coastal Protection Measures in Hulhumale'
 
sponsor for poor old age person food.pdf
sponsor for poor old age person food.pdfsponsor for poor old age person food.pdf
sponsor for poor old age person food.pdf
 
Delivery in 20 Mins Call Girls Malappuram { 9332606886 } VVIP NISHA Call Girl...
Delivery in 20 Mins Call Girls Malappuram { 9332606886 } VVIP NISHA Call Girl...Delivery in 20 Mins Call Girls Malappuram { 9332606886 } VVIP NISHA Call Girl...
Delivery in 20 Mins Call Girls Malappuram { 9332606886 } VVIP NISHA Call Girl...
 
The NAP process & South-South peer learning
The NAP process & South-South peer learningThe NAP process & South-South peer learning
The NAP process & South-South peer learning
 
Unique Value Prop slide deck________.pdf
Unique Value Prop slide deck________.pdfUnique Value Prop slide deck________.pdf
Unique Value Prop slide deck________.pdf
 
Call Girls Basheerbagh ( 8250092165 ) Cheap rates call girls | Get low budget
Call Girls Basheerbagh ( 8250092165 ) Cheap rates call girls | Get low budgetCall Girls Basheerbagh ( 8250092165 ) Cheap rates call girls | Get low budget
Call Girls Basheerbagh ( 8250092165 ) Cheap rates call girls | Get low budget
 
Kolkata Call Girls Halisahar 💯Call Us 🔝 8005736733 🔝 💃 Top Class Call Girl ...
Kolkata Call Girls Halisahar  💯Call Us 🔝 8005736733 🔝 💃  Top Class Call Girl ...Kolkata Call Girls Halisahar  💯Call Us 🔝 8005736733 🔝 💃  Top Class Call Girl ...
Kolkata Call Girls Halisahar 💯Call Us 🔝 8005736733 🔝 💃 Top Class Call Girl ...
 
2024 asthma jkdjkfjsdklfjsdlkfjskldfgdsgerg
2024 asthma jkdjkfjsdklfjsdlkfjskldfgdsgerg2024 asthma jkdjkfjsdklfjsdlkfjskldfgdsgerg
2024 asthma jkdjkfjsdklfjsdlkfjskldfgdsgerg
 
Top profile Call Girls In Morena [ 7014168258 ] Call Me For Genuine Models We...
Top profile Call Girls In Morena [ 7014168258 ] Call Me For Genuine Models We...Top profile Call Girls In Morena [ 7014168258 ] Call Me For Genuine Models We...
Top profile Call Girls In Morena [ 7014168258 ] Call Me For Genuine Models We...
 
Antisemitism Awareness Act: pénaliser la critique de l'Etat d'Israël
Antisemitism Awareness Act: pénaliser la critique de l'Etat d'IsraëlAntisemitism Awareness Act: pénaliser la critique de l'Etat d'Israël
Antisemitism Awareness Act: pénaliser la critique de l'Etat d'Israël
 
Cheap Call Girls In Hyderabad Phone No 📞 9352988975 📞 Elite Escort Service Av...
Cheap Call Girls In Hyderabad Phone No 📞 9352988975 📞 Elite Escort Service Av...Cheap Call Girls In Hyderabad Phone No 📞 9352988975 📞 Elite Escort Service Av...
Cheap Call Girls In Hyderabad Phone No 📞 9352988975 📞 Elite Escort Service Av...
 
Just Call VIP Call Girls In Bangalore Kr Puram ☎️ 6378878445 Independent Fem...
Just Call VIP Call Girls In  Bangalore Kr Puram ☎️ 6378878445 Independent Fem...Just Call VIP Call Girls In  Bangalore Kr Puram ☎️ 6378878445 Independent Fem...
Just Call VIP Call Girls In Bangalore Kr Puram ☎️ 6378878445 Independent Fem...
 
Election 2024 Presiding Duty Keypoints_01.pdf
Election 2024 Presiding Duty Keypoints_01.pdfElection 2024 Presiding Duty Keypoints_01.pdf
Election 2024 Presiding Duty Keypoints_01.pdf
 

Data protection regulation

  • 1. Compliance with Nigeria Data Protection Regulation (NDPR) and Cybersecurity. Greg U. Ezeilo, FCA, PhD
  • 2. Compliance with Nigeria NDPR and Cybersecurity. Agenda: Data Privacy and Protection Concerns in Nigeria; What NDPR Says in specifics; NITDA’s Data Protection Regulation (NDPR)—objectives, coverage, structure and definitions; NDPR Implementation Guide; Data Privacy Breaches and Remedies; Perspectives of Data Protection Legislation: Nigeria and the International jurisdictions
  • 3. Compliance with Nigeria NDPR and Cybersecurity. Others include: Implementation Challenges of NDPR; Cybersecurity—A big Issue; Conclusions and takeaway; Q/A
  • 4. Key Concerns Associated With Data Privacy and Protection in Nigeria—World Wide Web Foundation, 2018: Data collection purpose and usage “Mismatch”; Limited rights of data subjects to the collection, usage, storage or even disposal of data; Lack of informed consent; Limited transparency associated with processing of personal data and risk of personal data breach; Risk of privacy violations in vulnerable populations, especially children and persons of mental and health incapacitations
  • 5. Perspective of Data Legislation: Nigeria and the Global Communities. Individual Rights of Privacy Protection is enshrined in Article 12—United Nations Declaration of Human Rights; In the EU, May 25, 2018 saw the issuance of General Data Protection Regulation (GDPR) of 1948; In 2010 and 2014 both the ECOWAS and African Union convention on cybersecurity developed a framework for data protection among the member states; In Nigeria, while there is to be an enacted law on data protection, citizens’ privacy is guaranteed under the 1999 constitution, specifically, section 37 says, “The Privacy of citizens, their homes, correspondence, telephone conversations and telegraphic communications is hereby guaranteed and protected”
  • 6. Elsewhere and particularly the US: Federal Trade Commission Act (FTCA)—prohibiting unfair or deceptive practices affecting or inhibiting commerce; Health Insurance Portability and Accountability Act (HIPAA); Family Educational Rights and Privacy Act (FERPA)—this seeks to protect students’ educational records, and applies to all educational agencies and institutions throughout the US; CAN-SPAM Act 2003—Non-Solicited Pornography and Marketing Act seeking to regulate commercial email messages.
  • 7. Others include: Gramm-Leach-Bliley Act (GLBA)—in respect of protection of customer data and privacy of customer information by financial institutions; Fair Credit Reporting Act—here Customer Reporting agencies are required to report consumer personal information fairly; Children’s Online Privacy Protection Act (COPPA)—typically underaged children (13yrs and below)—regulates and protects children’s data across the Web; California Online Privacy Protection Act, California Financial Information Privacy Act, New York Information Security Breach and Notification Act, etc.
  • 8. NITDA Data Protection Regulation (NDPR) Structural Framework. Part 1 (3 sections): deals with the objectives, scope and key definitions; Part 2 (12 sections): covering governing principles, procurement, informed consent, to exceptions with respect to data transfer to foreign countries; Part 3 (1 section): Individual Rights of Data Subjects; Part 4 (3 sections): Implementation plan, administrative redress and foreign cooperation
  • 9. Key Objectives of the NDPR: Safeguard the rights of natural persons to data privacy; Ensuring safe conduct of transactions involving the exchange of Personal Data; Prevention of manipulation of Personal Data; Ensuring that Nigerian businesses are competitive in international trade through an effective secure framework on data protection and in line with best practice
  • 10. Coverage of the NDPR: It applies to all transactions intended for the processing of Personal Data of all natural persons irrespective of the means of such processing; Applies to natural persons residing in Nigeria or residing outside Nigeria but who are citizens of Nigeria; No Nigerian or any natural person by reason of this regulation shall be denied the right to data privacy entitled to under any law, regulation, policy, contract for the time being in force in Nigeria or in any foreign jurisdiction
  • 11. Key concepts, principles and definitions: “Act” means the National Information Technology Development Agency Act of 2007; “Computer”; “Data Subject”; ‘Consent’ of the Data Subject; “Data” means characters, symbols and binary on which operations are performed…; “Data Administrator”; “Data Controller”; “Database”
  • 12. Key concepts, principles and definitions: “Database Management System”; “Data Portability”; “Data Protection Compliance Organization (DPCO)”; “Data Subject Access Request” (example: BVN Statement); “Filing system”; “Foreign Country”; “Regulation”; “Personal Data”
  • 13. Key Concepts, Principles and Definitions: “Personal Identifiable Information”; “Processing”; “Personal Data Breach”; “Recipient”; “Sensitive Personal Data”; “The Agency” = NITDA; “Third Party”; “Relevant Authorities”
  • 14. What the Regulation says in specifics: On principles governing data processing. Personal Data shall be collected legitimately, for lawful purposes and with informed consent; secured against all foreseeable hazards and breaches; stored only for the period within which it is reasonably needed; accountability for acts and omissions in respect of data processing, and in accordance with the principles contained in this Regulation; duty of care to Data Subject; Data collected shall be adequate, accurate and without prejudice to the dignity of human person
  • 15. What the Regulation says in specifics: On lawful processing, where at least one of these is true: Informed consent of the Data Subject; where the performance of a certain contract is the subject matter; Where a legal obligation is at issue and the Data Controller is the subject; For the protection of the vital interests of the Data Subject or of another natural person; Where the performance of a task carried out in public interest or in exercise of official public mandate vested in the controller
  • 16. What the Regulation says in specifics: On procuring Informed Consent. Data Controller is under obligation to enforce this right, and to ensure consent of a Data Subject has been obtained without fraud, coercion or undue influence; and in this sense: Data Subject reserves the right to know the purpose; Data Controller must demonstrate Consent and legal capacity to give same; Where consent is by declaration, it must be in an intelligible and easily accessible form, using clear and plain language; Data Subject shall be informed of his right and method to withdraw his consent at any given time without prejudice to the lawfulness of processing prior to withdrawal; when assessing whether consent is freely given, consideration shall be given in cases of contract performance; where data may be transferred to a third party for any reason whatsoever
  • 17. What the Regulation says in specifics: On due diligence and prohibition of improper acts. …direct or indirect propagation of atrocities, hate, child rights violation, criminal acts and anti-social conducts; no consent shall be sought or given. A party to any data processing contract, other than an individual Data Subject, shall take reasonable measures to ensure the other party does not have a record of violating the principles governing rights of privacy under this regulation. For this purpose, “a party” shall include directors, shareholders, servants and privies of the contracting party; and record shall include report of public records and reports in credible news media—in this sense, no distinction is made between legal and natural persons
  • 18. What the Regulation says in specifics: On Privacy Policy, in addition to any relevant information, contain: Declare what constitutes the Data Subject’s consent; Description of collectable personal information; purpose of collection of Personal Data; technical methods used to collect and store personal information, cookies; access (if any) of third parties to Personal Data and purpose of; a highlight of the principles governing processing as indicated in Part-2 of this regulation; Available remedies in the event of violation of the privacy policy; the time frame for remedy; provided that no limitation clause shall avail any Data Controller who acts in breach of the principles set out in this Regulation
  • 19. What the Regulation says in specifics: On Data Security, measures to protect Subjects’ Data will not be limited to: setting up firewalls; Use of well-known data access control mechanisms; Use of data encryption technologies; protecting systems from hackers; protection of emailing systems; continuous capacity building for staff; Organisation’s data handling policy
  • 20. What the Regulation says in specifics: On Third Party Data Processing Contract. “Data processing by a third party shall be governed by a written contract between the third party and the Data Controller. Accordingly, any person engaging a third party to process the data obtained from Data Subjects shall ensure adherence to this Regulation.”
  • 21. What the Regulation says in specifics: Objection. Can the Data Subject object to the collection, processing, ..also, be expressly and manifestly offered the mechanism for objection to any form of data processing and free of charge ..when Data Controller intends to process the data for the purpose of marketing
  • 22. What the Regulation says in specifics: Data Privacy Advancement. Privacy right of a Data Subject shall be construed in the light of advancing and never for the purpose of restricting the safeguards Data Subject is entitled to under any data protection instrument made in furtherance of fundamental rights and the Nigerian laws.
  • 23. What the Regulation says in specifics: Penalty for default. In the case of a Data Controller dealing with less than 10,000 Data Subjects, payment of the fine of 1% of the Annual Gross Revenue of the preceding year or payment of the sum of 2 million Naira, whichever is; in the case of a Data Controller dealing with more than 10,000 Data Subjects, payment of the fine of 2% of Annual Gross Revenue of the preceding year or payment of the sum of 10 million Naira, whichever
  • 24. What the Regulation says in specifics: Transfers to other Countries. “Any transfer of Personal Data which is undergoing processing or is intended for processing after transfer to a foreign country or to an international organisation shall take place subject to the other provisions of this Regulation and the supervision of the Honourable Attorney General of the Federation (HAGF).”
  • 25. What the Regulation says in specifics: Rights of Data Subject. “The Controller shall take appropriate measures to provide any information relating to processing to the Data Subject in a concise, transparent, intelligible and easily accessible form, using clear and plain language, and for any information relating to a child”. “The information shall be provided in writing, or by other means, including, where appropriate, by electronic means. When requested by the Data Subject, the information may be provided orally, provided that the identity of the Data Subject is proven by other means”.
  • 26. Implementation Mechanism: The implementation is effective within (3) months of issuance and all organisations private or public must make available to the general public their respective data protection Policies; these Policies shall be in conformity with this Regulation; Every Data Controller shall designate a Data Protection Officer (DPO) who may outsource data protection to a competent person or firm; Assurance of continuous capacity building of DPOs by the Data Controller; NITDA shall by this Regulation register and license Data Protection Compliance Organisations (DPCOs) and subject to Regulations and Audit of organisations’ data protection and privacy practices must be done within six (6) months after the date of issuance of this Regulation; this has now been; Where a Data Controller processes the Personal Data of more than 1000 in a period of six months, a soft copy of the summary of the audit shall be submitted to the Agency; Annually, Data Controller who processed the Personal Data of more than 2000 Data Subjects in a period of 12 months shall, not later than the 15th of March of the following year, submit a summary of its data protection audit to the Agency; The mass media and the civil society shall have the right to uphold accountability and foster the objectives of this Regulation.
  • 27. Breach and Administrative Remedy Panel: Any breach of this Regulation shall be construed as a breach of the provisions of the National Information Technology Development Agency (NITDA) Act of 2007. Without prejudice to the right of a Data Subject to seek redress in a court of competent jurisdiction, the Agency shall set up an Administrative Redress Panel under the following terms of reference: Investigation of allegations of any breach of the provisions of this Regulation; Invitation of any party to respond to allegations made against it within seven days; Issuance of Administrative orders to protect the subject-matter of the allegation pending the outcome of investigation; Conclusion of investigation and determination of appropriate redress within twenty-eight (28) working days
  • 28. Local and International Cooperation: In the case of local and international sharing of information associated with Data Subjects, steps: Develop international cooperation mechanisms to facilitate the effective enforcement of legislation for the protection of Personal Data; Provide international mutual assistance in the enforcement of legislation for the protection of Personal Data; Engage relevant stakeholders in discussion and activities aimed at furthering international cooperation in the enforcement of legislation for the protection of Personal Data; Promote the exchange and documentation of Personal Data protection legislation and practice, including on jurisdictional conflicts with third countries
  • 29. NDPR Implementation Challenges: Are there challenges in NDPR Implementation? General awareness; COVID 19 Intervention; Capacities, expertise and grounding of breach redress mechanisms and organs
  • 30.
  • 31. A Glance at Cybersecurity Threats: WEB APPLICATIONS 9.4%; CRIMEWARE 18.8%; CYBER ESPIONAGE 18%; PRIVILEGE MISUSE 10.6%; MISCELLANEOUS 14.7%; POINT OF SALE 28.5%
  • 32. Cybersecurity Challenges: Many organisations are unprepared. Unprecedented Risk: Intellectual property theft; Monetary losses; Operational disruptions; Company devaluation; Customer suits; Bad Media publicity; Brand degradation; Environmental issues; Regulator intervention. Vulnerabilities: Hyper-interconnectivity of information systems; Rapid technological infrastructure expansion; Undefinable business perimeter; Unprepared corporate workforce and culture; Dissimilar security models applied across the enterprise. Threat Sources: Insiders; Criminals; State Actors; Hacktivists; Individuals
  • 33. Cybersecurity and Data Integrity Threats: Of Data breaches. “If a secret piece of news is divulged by a spy before the time is ripe, he must be put to death, together with the man to whom the secret was told”. —The Art of War, Sun Tzu
  • 34. Defining a breach: Data Breach = Privacy/Data Integrity Compromise. Business/Official Secrets; Customer records; Documents of a privacy nature; Systems vulnerability leading to a breach; Personally Identifiable Information (PII)
  • 36. Cybersecurity and Identity Theft Concerns. Identity Theft Exploits: Someone steals your personal information; Uses it without your permission; Can damage your finances, reputation, and credit history
  • 37. Identity Theft Exploits, Nature and Forms: Stolen or diverted mail; Pose as business partner or landlord; Mass marketing; Stolen wallets/passports/purses/records; Phishing; Hacking into mails, accounts, etc.
  • 38. Other Attack Forms: Data modifications: the contents of a packet can be accidentally or deliberately modified; Packet Replay attacks: re-transmission of unauthorized data; Identity Spoofing: the origin of an IP packet can be forged.
  • 39. Other Attack Forms: SQL Injection. SQL injection helps an attacker to add, modify and delete records in a database, affecting data integrity.
  • 41. Controlling the Risks of Cyber Attacks: General defences against breaches and identity theft. Treat your PII with care and secrecy; Always shred unnecessary and classified documents; Monitor your mails for uncommon sources; Always secure and guard your computer access and perimeter zone, including use of valid passcodes
  • 42. Concluding, on a general note: Cyber Attacks are real. Information Risk Management; Infrastructure Security; Application Security; Information Protection; Awareness, Training, & Education; Communications & Engagement; Event Management; Governance of IT
  • 43. Conclusion: Finally, every organization private or public should take NDPR very seriously! Sanctions are on the way! Next technologies are imminent: 5G/BT/Robotics etc.; Cyber Attacks: A real Threat; Use strong Perimeter protection and access controls; Declassify and destroy doc.; Make report to responsible authorities: NITDA; Incident Response is non-negotiable
  • 44. Dr. Greg Ugochukwu Ezeilo, FCA +234-803-300-8104; 070-8892-4312 email: gregezeilo@signalhouse.org
  • 46. References: Ezeilo, G.U. (2019). Cybersecurity for finance professionals: Challenges and opportunities. Being a paper presented at a Workshop for Executives of Ecobank Africa. NITDA (2019). Nigeria data protection regulation 2019. World Wide Web Foundation (2018). Personal data protection in Nigeria. Retrieved from www.webfoundation.org. Hasty, R., Nagel, T., & Subjally, M. W. (2013). Data protection law in the USA. Advocate for International Development Lawyers Eradicating Poverty.